Version: 1.0
Effective date: [1/19/26]
This Data Processing Addendum (“DPA”) forms part of the agreement governing Customer’s use of the Services (the “Agreement”) between Whitelabel AI Corporation (d/b/a Whitelabel AI), 823 Congress Ave, Austin, TX 78701, USA (“Whitelabel”, “Processor”, “we”) and the entity agreeing to the Agreement (“Customer”, “Controller”, “you”).
This DPA applies to Whitelabel’s Processing of Personal Data in Customer Content on Customer’s behalf in connection with the Services.
1.1 “Applicable Data Protection Laws” means all data protection and privacy laws applicable to the Processing under this DPA, including where applicable: EU GDPR, UK GDPR and the UK Data Protection Act 2018, Swiss data protection law, and applicable U.S. state privacy laws.
1.2 “Customer Content” means data, documents, prompts, inputs, files, messages, or other content submitted to or made available to the Services by or on behalf of Customer, including End User content.
1.3 “End Users” means Customer’s authorized users of the Services (including Customer employees, contractors, volunteers, agents, and Customer’s end users where applicable).
1.4 “Personal Data” means any information that constitutes “personal data” / “personal information” under Applicable Data Protection Laws that is included in Customer Content and Processed by Whitelabel on Customer’s behalf.
1.5 “Process” / “Processing” has the meaning given under Applicable Data Protection Laws and includes collecting, recording, storing, organizing, using, disclosing, transmitting, or deleting Personal Data.
1.6 “Subprocessor” means any third party engaged by Whitelabel to Process Personal Data on Whitelabel’s behalf to provide the Services.
1.7 “Security Incident” means a Personal Data Breach (as defined below) involving Personal Data Processed under this DPA.
1.8 “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
Capitalized terms not defined here have the meanings in the Agreement.
2.1 Controller / Processor. Customer is the Controller of Personal Data in Customer Content. Whitelabel is a Processor and will Process such Personal Data only on Customer’s documented instructions, as described in this DPA and the Agreement.
2.2 Whitelabel as an independent controller. Whitelabel may act as an independent controller for limited Personal Data relating to Customer’s administrators and contacts (e.g., billing, account administration, security communications). That processing is governed by Whitelabel’s Privacy Policy, not this DPA.
2.3 Details of Processing. The subject matter, nature, purpose, categories of Personal Data, categories of Data Subjects, and duration of Processing are described in Annex 1.